5279492ed926f477434e864b70f05d5870c3428ffe4b20082a1053d1f5e30f74_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

5279492ed926f477434e864b70f05d5870c3428ffe4b20082a1053d1f5e30f74_NeikiAnalytics
Size

2.1MB
MD5

5d2641f7a4d6b76764c749cf4877c020
SHA1

d5396bb24e2dc59daa9deac0e3eec1dfdc67eff7
SHA256

5279492ed926f477434e864b70f05d5870c3428ffe4b20082a1053d1f5e30f74
SHA512

e6b08a7fd36c789c7cd90fb4c9acec7c3c0d8ef087c9a2a1b4151cc1962fb9636b158e0b2235fbee7a14001c32b647fa5814b88862b091898f3cc27de2ae3fb1
SSDEEP

49152:oe4/w+ODkiqQKypBvtCojPmFRXhsH6N25vOLg:DmOYVIMsaw5vt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5279492ed926f477434e864b70f05d5870c3428ffe4b20082a1053d1f5e30f74_NeikiAnalytics

Files

5279492ed926f477434e864b70f05d5870c3428ffe4b20082a1053d1f5e30f74_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

b7b9a8fbe943e1faf902813df2e5de2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_28\backend\build\bin\x64\Release\NvTmRep.pdb

Imports

kernel32

InitializeCriticalSectionEx
CreateFileW
GetFileAttributesW
RaiseException
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
SetEvent
ResetEvent
CreateEventW
FindClose
FindFirstFileW
FindNextFileW
CopyFileW
DeleteFileW
GetFileAttributesExW
RemoveDirectoryW
MultiByteToWideChar
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetNativeSystemInfo
FormatMessageW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetSystemDirectoryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetDriveTypeW
GetModuleHandleW
lstrlenW
GetVolumeInformationW
DeviceIoControl
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
SetThreadAffinityMask
GetCurrentProcess
GetProcessAffinityMask
Sleep
GetCurrentThread
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFullPathNameW
AreFileApisANSI
SetLastError
MoveFileExW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
OpenEventW
WaitForSingleObjectEx
SwitchToThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetFileSizeEx
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
GetStdHandle
ExitProcess
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetModuleFileNameA
LocalAlloc
lstrcmpA
InitializeCriticalSection
ReadFile
WriteFile
CompareStringW
CloseHandle
RtlUnwind
LocalFree
GetLastError
WaitForSingleObject
GetCommandLineW

shell32

SHGetFolderPathW
CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

ws2_32

ntohl

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo

user32

GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW

advapi32

RegCloseKey
QueryServiceStatus
CloseServiceHandle
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW

ole32

StringFromGUID2
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SafeArrayGetLBound
SafeArrayGetElement
VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantCopy
VariantChangeType

Sections

.text
Size: 1013KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7b9a8fbe943e1faf902813df2e5de2f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

version

ws2_32

setupapi

user32

advapi32

ole32

oleaut32

Sections

.text Size: 1013KB - Virtual size: 1013KB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 19KB - Virtual size: 45KB

.pdata Size: 44KB - Virtual size: 43KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 1013KB - Virtual size: 1013KB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 19KB - Virtual size: 45KB

.pdata
Size: 44KB - Virtual size: 43KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 572KB - Virtual size: 576KB